General
- Target: downloader.exe
- Size: 70.1MB
- Sample: 240821-n3fjnaxbna
- MD5: c7185c4a4647b05be3624e0c0b5c4780
- SHA1: 0dbb92c2d493c844819a7d0e478997886fbc31a7
- SHA256: 38b7270ad607fd77f33e23d7fb1cfbf46c1a5a8541dc1d058cc78d84e5af733a
- SHA512: 1a10f829630e5a95dc3a499c0f5267b6f3677033514e253e06d12b15bef7d550e137eed6e45bccbebcff695fed31b13fa9766db672e55694ac2dc3ff12261b42
- SSDEEP: 393216:lWxQN89qQk4adiJCuE2fUCdod+OvqKkZHzXhJ/KTe8uiBUtkc0k3qEsGg4GUo3NA:lWoI7zGi5ahWc3Imq
Static task: static1
Behavioral task: behavioral1
- Sample: downloader.exe
- Resource: win7-20240704-en
Malware Config
Targets
- Target: downloader.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger